Join YesWeHack at leHACK 2023!

Categories
2023 Bug Bounty conferences
Join us in Paris 🔥

Since 2003, leHACK, the historical French hacking conference organized by HZV, has brought together professionals and amateurs of any levels. This event gathers all the latest advances in cybersecurity through conferences, challenges and workshops. For this ‘Kernel Panic’ edition, leHACK will be held from June 30th to July 2nd at La Cité des Sciences et de l’Industrie in Paris!

→ Stop by booth 41, level S2, to meet YesWeHack! ←

🔎 Need to know more about Bug Bounty, VDP or Pentest Management? Come have a chat with our team and discover how a crowdsourced security strategy could fit your organisation. You might even be able to grab some cool swag!

 

👨‍💻Looking to put your skills to the test? Join us at our booth during the two days of leHACK and take part in a brand new challenge created by our very own Tech Ambassador, BitK. Prepare yourself to take on the ultimate challenge of defeating the machine! Your objective is clear:

Accumulate points and propel yourself closer to an array of enticing rewards 🍻

  • First Prize: A one-year license for Burp Suite, the ultimate tool for web application security testing.
  • Second Prize: A one-year license for Hack the Box, a premier platform for honing your hacking skills.
  • Third Prize: An amazing goodies pack that will surely bring a smile to your face.

 

📣 Interested in prototype pollution? On June 30th, 2pm, at the Gaston Berger conference stage, don’t miss out BitK and SakiiR‘s talk on:

Prototype pollution and where to find them

Prototype pollution is a vulnerability in JavaScript applications that can have varying impacts depending on the complexity and nature of the affected app. It exploits the prototype inheritance feature of JavaScript, which allows objects to inherit properties and methods. By manipulating the prototype chain of an object, an attacker can introduce malicious properties, leading to unexpected behavior and potentially allowing the attacker to execute arbitrary code.

In this talk, we will first give an overview of JavaScript prototypes and prototype pollution attacks. We will then introduce a new tool we have developed to assist ourselves in identifying gadgets by instrumenting the source code. This allows it to aid in whitebox audits, enabling researchers to easily identify vulnerabilities in large codebase. Finally, we will demonstrate how the tool is used during a live demo targeting popular JavaScript libraries. Our goal is to help researchers and developers understand the potential impacts of prototype pollution and learn how to identify and exploit these vulnerabilities in JavaScript applications.

🚨 Exclusive Live Bug Bounty

Get ready for a new Live Bug Bounty at leHACK 2023! This year again, we have planned an exciting hacking adventure that you won’t want to miss. Only leHACK attendees will be able to take part, so make sure to sign up and be on-site on Saturday morning!

The partner companies as well as the scopes will be revealed at the start of the live bug hunting session, but we can guarantee that the wait will be worth it! You’ll be able to exchange directly on-site with the partners’ security teams and the YesWeHack team about your findings to improve your hacking skills.

The Live Bug Bounty will take place from July 1st, 10am to July 2nd, 6am. To take part, you must register to leHACK 2023 and have an account on YesWeHack’s Bug Bounty platform. Via their registration, Live Bug Bounty Hunters at leHACK 2023 will be subject to the terms of use of the YesWeHack Bug Bounty platform.

HOW TO PARTICIPATE 💡
  1. Register on yeswehack.com and complete the account verification steps.
  2. Log in on yeswehack.com from leHACK Wi-Fi.
  3. Head to https://yeswehack.com/programs where you’ll find the exclusive leHACK program at the top of the page.
  4. Read the rules carefully and check the scopes.
  5. Get ready to hack!

We look forward to seeing you there!

👉 About YesWeHack

Founded in 2015, YesWeHack is a global Bug Bounty and VDP Platform. YesWeHack offers companies an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered), connecting tens of thousands cybersecurity experts (ethical hackers) across 170 countries with organisations to secure their exposed scopes and reporting vulnerabilities in their websites, mobile apps, infrastructure and connected devices.

YesWeHack runs private (invitation based only) programs and public programs for hundreds of organisations worldwide in compliance with the strictest European regulations.

In addition to the Bug Bounty platform, YesWeHack also offers: a creation and management solution for Vulnerability Disclosure Policy (VDP), a Pentest Management Platform, a learning platform for ethical hackers called Dojo and a training platform for educational institutions, YesWeHackEDU.

Contact us

Date(s): 30/06/2023 - 02/07/2023 | All Day

Location(s): Cité des Sciences et de l’Industrie | 30 avenue Corentin Cariou | Paris | France